Virtual reality devices are becoming increasing popular in today's technological environment, and they can offer a higher level of user engagement than tradition computing devices. These virtual reality devices can be used to render a virtual reality environment that a user may interact with in various ways. In particular, a user may interact with the virtual reality environment in order to achieve specific tasks or obtain specific resources within that virtual reality environment. For example, a user may seek access to a restricted area in the virtual reality environment or may look to purchase a virtual good or service within the virtual reality environment. Before these things are provided to the user to interact with, the interaction may first need to be authorized.
In order to complete the authorization process, the user may need to provide specific credentials (e.g., a username and password, a PIN number, and so forth). Such credentials are usually required by various computer systems in order to authorize a user. However, the theft of these credentials can be a great concern. For instance, if a user's credentials are stolen by another user, that other user may be able to perform fraudulent interactions within a virtual reality environment using the stolen credentials.
In the case of virtual reality devices, the manner in which a user furnishes credentials may open up the possibility for fraud. In particular, there could be observers in the same room as the device user who may be able to see the user entering the credential or deduce the credential based on the user's actions. For example, a virtual reality device may allow a user to provide input based on the user's eye movements or head movements, and an observer may be able to deduce those inputs based on the user's eye movements or head movements. As an alternative, more secure methods of having users furnish credentials may be used, but at the potential cost of reducing the user's engagement with the virtual reality environment. For example, having a user enter the credential using a separate device (e.g., computer or phone) would mean the user is no longer immersed in the virtual reality environment.
Accordingly, there exists a need for a secure method of using a virtual reality device to obtain user credentials without requiring the user disengage from the virtual reality environment (e.g., allowing the user to initiate interactions without breaking immersion).
Embodiments of the invention address this and other problems, individually and collectively.